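# One-shot Job that provisions the Loomio database and role on an existing
# PostgreSQL server. It connects as the `postgres` superuser (PGUSER/PGPASSWORD)
# and is safe to re-run: the database and role are only created when missing,
# and the role password is (re)set on every run.
apiVersion: batch/v1
kind: Job
metadata:
  name: loomio-db-init
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: db-init
          # NOTE(review): tag-only reference; consider pinning by digest so the
          # image that receives the superuser password cannot change silently.
          image: postgres:15-alpine
          env:
            - name: PGHOST
              value: "{{ .db.host }}"
            - name: PGPORT
              value: "{{ .db.port }}"
            - name: PGUSER
              value: postgres
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secrets
                  key: postgres.password
            - name: LOOMIO_DB_NAME
              value: "{{ .db.name }}"
            - name: LOOMIO_DB_USER
              value: "{{ .db.user }}"
            - name: LOOMIO_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: loomio-secrets
                  key: dbPassword
          command:
            - sh
            - -c
            - |
              # Abort on the first failing step or unset variable so a partial
              # initialization is reported as a Job failure, not as success.
              set -eu

              : "${LOOMIO_DB_NAME:?LOOMIO_DB_NAME is required}"
              : "${LOOMIO_DB_USER:?LOOMIO_DB_USER is required}"
              : "${LOOMIO_DB_PASSWORD:?LOOMIO_DB_PASSWORD is required}"

              echo "Creating database and user for Loomio..."

              # The values are read inside psql with \getenv and quoted by psql
              # itself (:'var' as a literal, :"var" / %I as an identifier).
              # Nothing is spliced into SQL text by the shell, so a quote in a
              # name or password cannot change the statement, and the password
              # never appears in a process argument list. psql only expands
              # variables in script input, not in -c strings, hence the
              # here-document (quoted delimiter: no shell expansion either).
              psql -v ON_ERROR_STOP=1 <<'SQL'
              \getenv db LOOMIO_DB_NAME
              \getenv usr LOOMIO_DB_USER
              \getenv pw LOOMIO_DB_PASSWORD

              -- Create the database only if it does not exist yet
              SELECT format('CREATE DATABASE %I', :'db')
              WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = :'db') \gexec

              -- Create the role only if it does not exist yet
              SELECT format('CREATE USER %I', :'usr')
              WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = :'usr') \gexec

              -- Set (or rotate) the password in both the new and existing case
              ALTER USER :"usr" WITH PASSWORD :'pw';

              -- Grant all privileges on the database
              GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"usr";
              SQL

              # Connect to the new database and grant schema permissions
              psql -v ON_ERROR_STOP=1 -d "$LOOMIO_DB_NAME" <<'SQL'
              \getenv usr LOOMIO_DB_USER
              GRANT ALL ON SCHEMA public TO :"usr";
              SQL

              echo "Database initialization complete!"
          securityContext:
            runAsNonRoot: true
            # NOTE(review): 999 is the postgres UID in the Debian-based image;
            # the alpine variant is believed to use 70 - confirm. The client
            # only needs some non-root UID, so the value is left unchanged.
            runAsUser: 999
            runAsGroup: 999
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault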